PHP Login system doesnt display anything after i hit login

Question

The PHP code is as follows:

<html>

<?php


$username = $_POST['user'];
$password = $_POST['pass'];


$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


mysql_connect("localhost", "root", "");
mysql_select_db("login");

$result = mysql_query("select * from users where username = '$username' and password = '$password'")
 or die ("Failed to query database ".mysql_error());

$row = mysql_fetch_array($result);

$dbusername = $row['username'];
$dbpassword = $row['password'];

if ($username == $dbusername); {
    echo "login succesfull";
}
else
    {
    echo "failed to login"; 
}



?>


</html>

and the login page code is:

<!DOCTYPE html>
<html>
<head>
    <title>Login Page</title>
    <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>

<img src="WCCS Logo.png" id="schoollogo">
<div id="frm">
    <form action="process.php" method="POST">
        <p>
            <label>Username: </label>
            <input type="text" id="user" name="user"/>


        </p>

        <p>
            <label>Password: </label>
            <input type="password" id="pass" name="pass" />
        </p>

        <p>

            <input type="submit" id="btn" value="login" />
        </p>
    </form>
</div>

</body>

The database is named login and the table is called users it has id, username, password, first name and last name columns with entered information.

For some unknown reason when I click the submit button it brings up a blank page, although the url changes to the page and when I add some type of text like a html paragraph it displays it.

So it goes to the page, also there is a css file if needed, it was working a couple days ago and now it is not. I dont understand what is wrong with it.

It is like the PHP doesnt even get run, its just ignored

A blank page is usually a sign of a `Error 500` turn on error reporting and check your logs for errors. But I just glanced your code and I spotted two missing `;`'s where you assign your database values to `$dbusername =` — Epodax, Oct 07 '16 at 09:56
Are you checking your errors? (http://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) — phaberest, Oct 07 '16 at 09:57
Is the top php code in 'process.php' (as this is the form action)? If so, you can turn on error reporting for php to see if there is an error by adding `error_reporting(E_ALL); ini_set('display_errors', 1);` to you php.ini... Or if you cannot access this you can just print trace statements through the code to see how far you get before any error occurs to try to debug it — Pete Gaulton, Oct 07 '16 at 09:59

Rahul Patel · Answer 1 · 2016-10-07T10:46:21.797

3

I want to clear few points:

Mysql is deprecated so use of mysqli and PDO is good practice now onward.
As per your code it seems that you haven't stored encrypted password in DB. You must have to encrypt password for security purpose.
You are comparing your username and password in your query itself then why are you comparing it again in PHP code.

Please try below code instead:

<?php
    $con=mysqli_connect("localhost","root","","login");

    $username = $_POST['user'];
    $password = $_POST['pass'];
    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username =  mysqli_real_escape_string($con, $username);
    $password =  mysqli_real_escape_string($con, $password);

    $result = mysqli_query($con, "select * from users where username = '".$username."' and password = '".$password."'") or die ("Failed to query database ".mysqli_error());

    $row = mysqli_fetch_array($result);

    if (!empty($row)) {
        echo "login succesfull";
    }
    else{ echo "failed to login"; }
?>

edited Oct 07 '16 at 10:46

answered Oct 07 '16 at 10:03

Rahul Patel

5,248
2
14
26

1

`Mysql is deprecated so use of mysqli and PDO is good practice now onward.` Maybe update your example code to follow your points? – IsThisJavascript Oct 07 '16 at 10:06
1

@WillParky93 thank you for good suggestion. Updated it in my answer. – Rahul Patel Oct 07 '16 at 10:10
What errors are you getting? Can you please place error_reporting(E_ALL); ini_set('display_errors', 1); at the top of your page and check. – Rahul Patel Oct 07 '16 at 10:18
whats the network log says? check network log in developer tools, also turn on displaying errors – nooby Oct 07 '16 at 10:20
1

Error is with this line, `$result = mysqli_query($con, "select * from users where username = '$username' and password = '$password'"); or die ("Failed to query database ".mysqli_error());` There's an extra ';' just before the `or die("Failed...` – IsThisJavascript Oct 07 '16 at 10:23
Updated it.. Thanks a lot @WillParky93 – Rahul Patel Oct 07 '16 at 10:25
I have put it at the top nothing comes up – deathblade80 Oct 07 '16 at 10:26
Are you getting blank page? Have you tried with the updated script? – Rahul Patel Oct 07 '16 at 10:28
@deathblade80 There was a slight edit to the above answer, please retry the new code. – IsThisJavascript Oct 07 '16 at 10:28
yep still getting a blank page – deathblade80 Oct 07 '16 at 10:36
I got the issue. The mysqli_real_escape_string should have connection object as first argument which I was made mistake earlier. Please check updated answer. Which working very well. And don't forget to create connection object before mysqli_real_escape_string as shown in my answer. – Rahul Patel Oct 07 '16 at 10:47
yep didnt fix it, idk what is going wrong, could it be xampp but the page loads so idk – deathblade80 Oct 07 '16 at 11:36
1

Its very strange because I have tried the same on my server and it is working fine. – Rahul Patel Oct 07 '16 at 12:04

IsThisJavascript · Answer 2 · 2016-10-07T10:22:26.233

2

$dbusername = $row['username']
$dbpassword = $row['password']

These should be changed too

$dbusername = $row['username'];
$dbpassword = $row['password'];

A white page (with errors turned on) is a good indication that you've missed one of these: ()[]{};.

This line has an extra ';'. So change this:

 $result = mysql_query("select * from users where username = '$username' and password = '$password'");
 or die ("Failed to query database ".mysql_error());

to this:

  $result = mysql_query("select * from users where username = '$username' and password = '$password'")
 or die ("Failed to query database ".mysql_error());

The culrpit was password = '$password'"); or die

edited Oct 07 '16 at 10:22

answered Oct 07 '16 at 09:58

IsThisJavascript

1,726
2
16
25

If you (or your sever) recently updated to php7, then you are most likely getting a crash due to MySQL functions being removed. As others have said (and look at @Rahul Patel's answer) use MySQLi. Do you know what you current php ver is? `` – IsThisJavascript Oct 07 '16 at 10:16
@deathblade80 I found one more error in your code which should fix this issue, please see my edited answer – IsThisJavascript Oct 07 '16 at 10:22

score 2 · Answer 3 · answered Oct 07 '16 at 10:11

Several problems/bad practice...

1: Don't save passwords in plaintext in your database. Use some encryption like hash+md5.

2: Don't use mysql. Use mysqli or PDO instead. -> http://php.net/manual/de/book.mysqli.php -> http://php.net/manual/de/book.pdo.php

3: Some logic: Take a look at your SQL query. You're selecting from users where Username & password correspond to the values entered by the user. So, what this means? If the query will find an entry, the data will be automatically correct, cause if you put in a wrong password the statement won't return any data, so your if statement is unnecessary. By doing this:

$dbusername = $row['username']
$dbpassword = $row['password']

(btw, ; is missing here at the end of the two lines) your just assigning the returned data from the database to the variables. But its just logic that $dbusername will always correspont to $username, because as i said, you just handled the SQL statement this way.

I think you're quite new to programming, or at least new to PHP. I really recommend you to take a look at mysqli and google for some login systems, take a look at those examples and rewrite your code.

Btw, i don't know what you're knowing about sessions, but i'm quite sure you'll start a session when you log in, so may thats another keyword too you can google.

PHP Login system doesnt display anything after i hit login

3 Answers3